Whitelist Before Execution

John Baldwin jhb at freebsd.org
Mon Jul 13 15:32:37 UTC 2009


On Sunday 12 July 2009 6:11:23 pm Jason C. Wells wrote:
> Is there a method by which we can check the consistency of an executable 
> or library prior to trusting it for execution?  For example, if the file 
> doesn't exist in the list of trusted files or the checksums do not match 
> then do not allow execution and write a warning message to the log.  I 
> could do this manually with existing features like mtree.  It would be 
> nice if the system could do it for me.

I believe csjp@ has a MAC module to store checksums of trusted executables in 
the kernel and to fail execve() if the executable is not a known trusted 
binary.

-- 
John Baldwin
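A userspace model of the policy described in this thread (a manifest of trusted executables and their checksums, consulted before anything is run, with a logged denial on an unknown or altered file), added here as an illustration. It is not csjp@'s MAC module and not mtree; the names `build_manifest`, `check_exec` and `demo`, and the sample "binaries" it writes to a temporary directory, are constructed for this example.

```python
"""Execution whitelist by checksum: a manifest of trusted executables
(path -> SHA-256) is consulted before a file is allowed to run.

Added example only. The kernel approach mentioned in the thread hooks
execve(); here the gate is a plain function so the logic can be read
and exercised. File names and contents below are constructed."""
import hashlib
import logging
import os
import tempfile

log = logging.getLogger("exec-whitelist")


def sha256_file(path):
    """Stream the file so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(paths):
    """Record the digest of every trusted executable; done once at install
    or audit time, from a state you trust."""
    return {os.path.realpath(p): sha256_file(p) for p in paths}


def check_exec(manifest, path):
    """Decide whether `path` may execute. Returns (allowed, reason).

    Deny when the file is not listed, cannot be read, or its digest no
    longer matches the manifest; every denial is written to the log."""
    real = os.path.realpath(path)          # resolve symlinks before lookup
    expected = manifest.get(real)
    if expected is None:
        log.warning("exec denied: %s is not in the trusted manifest", real)
        return False, "not-listed"
    try:
        actual = sha256_file(real)
    except OSError as err:
        log.warning("exec denied: cannot read %s: %s", real, err)
        return False, "unreadable"
    if actual != expected:
        log.warning("exec denied: %s digest %s != manifest %s",
                    real, actual, expected)
        return False, "checksum-mismatch"
    return True, "ok"


def demo():
    """Constructed scenario: a trusted binary, the same binary after
    tampering, and a file that was never whitelisted."""
    d = tempfile.mkdtemp()
    trusted = os.path.join(d, "trusted.bin")
    with open(trusted, "wb") as f:
        f.write(b"\x7fELF original contents")      # constructed, not a real ELF
    manifest = build_manifest([trusted])

    results = {"clean": check_exec(manifest, trusted)[1]}

    with open(trusted, "ab") as f:                # modified after the manifest was built
        f.write(b" extra bytes")
    results["tampered"] = check_exec(manifest, trusted)[1]

    unlisted = os.path.join(d, "unknown.bin")
    with open(unlisted, "wb") as f:
        f.write(b"\x7fELF something else")
    results["unlisted"] = check_exec(manifest, unlisted)[1]
    return results


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print(demo())
```

Two caveats a practitioner would add. First, a userspace check followed by a separate exec leaves a window in which the file can be swapped, which is why doing the comparison inside execve(), on the very object being executed, is the stronger design. Second, the manifest itself must be at least as protected as the binaries it vouches for, or an attacker simply adds their own entry.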
